It is no longer enough to rely on your users and security layers to determine the effectiveness of your email security. The "wait and see" approach of how your users will respond to emails with threats is not a good practice. The need to run simulated tests to test email security is very important. Running tests provide another layer of security for your organization. It provides additional insight into how effective a company's email security posture is. A free email security phishing tool will show you how many users fell victim to a phishing attack. The results from the test will give you a breakdown of the number of users that clicked vs didn't click on the suspicious link.
The tool we will use is the Free Phishing Security Test tool by KnowBe4.com. You can run this security phishing test directly from the KnowBe4.com website. In this article, we will cover the five steps to help you run the security test. The only catch is that a sign-up is required in order to use the tool.
Click here to sign up for your free test. Once you are logged in, you will be able to choose your email type.
This is the email style that will be sent to your users. Choose Microsoft Exchange if your company uses this email server. There are several other options to choose for phishing email style.
This is the email that your users will receive with instructions to click on the link. You will see the email domain that you specified during sign up.
This is the page that your users will be redirected to if they click on the link in the email. You can also choose the 404 Not Found landing page.
In this report you will see how many users received the email, and the number of users that clicked the link.
Pay close attention to the "total delivered" and the "total clicks" rows. First, if you have an effective email security measure in place, your users should never see any of the emails from the phishing test above. Second, if your users did receive the email, this points to a deeper problem. Check to make sure that your email security is properly configured. For example, if you are using Office 365, check the spam settings in Defender. Make sure that your mail domain is properly set up with a DMARC record. Otherwise, this could allow someone to spoof your domain (i.e., to pretend to be authenticated and send email from inside your domain to other users).
After you run the test, you will receive a PDF emailed to you within a day with the percentage breakdown.
How well did you do? How many of your users fell victim to the phishing test? What if this had been a real threat with a malicious link? This is how fast your users will be fooled into a cyberattack and bypass your email security. As you will see, the end user is the end of your security layer. Your security is only as strong as its weakest link. The results show the actual state of email security and the need for user cybersecurity best practice training.
The site offers a suite of free security tools to test your security, from phishing tests (see below) to email exposure, domain spoof test, mailserver assessment, and domain look-alike test.
The right Managed Service Provider (MSP) technology partner will help your business implement the best email security solution to protect against modern phishing attacks.
Everything IT Pros is a managed IT solutions company that is aiming to simplify and modernize how you acquire external IT support & security. We don't compromise with good, better, best packages and we don't believe you should do business with us because of a long-term contract. We want to earn your business every month. You’re never locked into us – we’re that confident of what we have to offer! Our clients benefit from wired and wireless networks to endpoint security and support. We also provide digital marketing and SEO optimization of Google My Business, local ranking, on-page SEO, and SEM. We have the expertise and services to help you manage, secure, and grow your business. Click here to contact us.